
¿ about ARP packet injection and WEP ?

Hi everybody.

Could someone please explain to me how ARP packet injection works?

What I don't understand is that when the aireplay program says that it's "waiting for arp packets" to inject them, how can it tell whether the packet is or isn't ARP, since all packets are encrypted with WEP?

And if ARP packets don't travel encrypted, why isn't there the option to create an ARP by just using a known IP?

I'm just curious. Really wanna know.

If someone doesn't understand what I mean, please tell me and I will try to clarify.

Re: ¿ about ARP packet injection and WEP ?

It's because with WEP using open authentication, any client can authenticate to the access point and "sniff" the packets that are within that access point. The data packets are encrypted with the WEP key and cannot be read in plain text, but can still be captured. ARP packets have distinct features that Aireplay-ng looks for. They are small in size so they can be replayed much faster than a larger file, they have the "To DS" (distribution system) bit on, and the destination is always broadcast. In order to create an ARP packet that will work with the network you have to obtain a PRGA file and use Packetforge-ng in order to create a packet to inject.

Someone please correct me if I'm wrong, I'm in the middle of learning about this as well and I want to make sure I am right as well.
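
Added example (not written by anyone in this thread, and not Aireplay-ng's code): the 802.11 header and the WEP IV travel unencrypted, so a passive monitor can fingerprint ARP-shaped frames without the key and flag the same IV repeating on them as a sign of replay. The frame bytes, MAC addresses, threshold and function names are constructed for illustration, and the 68-byte length assumes captures without an FCS or QoS header.

```python
from collections import Counter

# Sizes in bytes; assumes captures without FCS and without a QoS header.
HDR, IV, LLC_SNAP, ARP, ICV = 24, 4, 8, 28, 4
ARP_FRAME_LEN = HDR + IV + LLC_SNAP + ARP + ICV   # 68
BROADCAST = b"\xff" * 6

def parse(frame):
    """Return the cleartext fields of an 802.11 data frame, or None."""
    if len(frame) < HDR + IV or (frame[0] >> 2) & 0x3 != 2:   # type 2 = data
        return None
    flags = frame[1]
    return {
        "to_ds": bool(flags & 0x01),
        "from_ds": bool(flags & 0x02),
        "protected": bool(flags & 0x40),    # body is encrypted
        # Address layout when To DS=1, From DS=0: BSSID, source, destination
        "bssid": frame[4:10], "src": frame[10:16], "dst": frame[16:22],
        "iv": frame[24:27],                 # WEP IV is sent in the clear
        "length": len(frame),
    }

def looks_like_arp_request(f):
    """Fingerprint from the reply above: small, To DS set, broadcast destination."""
    return bool(f and f["protected"] and f["to_ds"] and not f["from_ds"]
                and f["dst"] == BROADCAST and f["length"] == ARP_FRAME_LEN)

def replayed_ivs(frames, threshold=3):
    """(source, IV) pairs seen on >= threshold ARP-shaped frames: a replay indicator."""
    seen = Counter((p["src"], p["iv"]) for p in map(parse, frames)
                   if looks_like_arp_request(p))
    return {k: n for k, n in seen.items() if n >= threshold}

def build(flags, src, dst, iv, body_len):
    """Constructed test frame: header + IV/key id + opaque 'encrypted' body."""
    bssid = bytes.fromhex("020000000001")
    return (bytes([0x08, flags]) + b"\x00\x00" + bssid + src + dst + b"\x00\x00"
            + iv + b"\x00" + bytes(body_len))

STA = bytes.fromhex("0200000000aa")
SAMPLE = (
    [build(0x41, STA, BROADCAST, b"\x01\x02\x03", 40)] * 4      # same IV repeated
    + [build(0x41, STA, BROADCAST, b"\x0a\x0b\x0c", 40)]        # single ARP-shaped frame
    + [build(0x41, STA, bytes.fromhex("0200000000bb"), b"\x11\x12\x13", 400)]  # unicast data
)

if __name__ == "__main__":
    for (src, iv), n in replayed_ivs(SAMPLE).items():
        print(f"{src.hex(':')} reused IV {iv.hex()} on {n} ARP-sized frames")
```

The length and flag checks are a heuristic: any encrypted broadcast frame of the same size matches, which is why the detector keys on IV reuse rather than on shape alone.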

Re: ¿ about ARP packet injection and WEP ?

@comaX : Thanks for letting me know. I'm taking the OSWP course this Wednesday and I just want to make sure I know the material. I felt it was good review to say it and get clarification, otherwise I would have probably not gone into so much detail.